| ID | Name |
|---|---|
| ATAGS-T1117.001 | Credential API Hooking |
| ATAGS-T1117.002 | GUI Input Capture |
| ATAGS-T1117.003 | Keylogging |
| ATAGS-T1117.004 | Web Portal Capture |

Threat Actors may mimic common operating system GUI components to prompt users for credentials with a seemingly legitimate prompt. When a program is executed that needs more privileges than are present in the current user context, it is common for the operating system to prompt the user for proper credentials to authorize the elevated privileges for the task (e.g., Bypass User Account Control).

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.